CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,779 vulnerabilities with CWE-89
CVE-2023-0561 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via /user/s.php id Parameter
CVSS 6.3
CVE-2023-0560 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/practice_pdf.php id Parameter
CVSS 4.7
CVE-2023-0534 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/expense_report.php to_date Parameter
CVSS 4.7
CVE-2023-0533 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via from_date Parameter
CVSS 4.7
CVE-2023-0532 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/disapprove_user.php id Parameter
CVSS 4.7
CVE-2023-0531 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/booking_report.php to_date Parameter
CVSS 4.7
CVE-2023-0530 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/approve_user.php id Parameter
CVSS 4.7
CVE-2023-0529 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/add_payment.php id Parameter
CVSS 4.7
CVE-2023-0528 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/abc.php id Parameter
CVSS 4.7
CVE-2023-0516 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via Forget Password Email Parameter
CVSS 5.5
CVE-2023-0515 MEDIUM
Online Tours & Travels Management System 1.0 - SQL Injection via admin/forget_password.php Email Parameter
CVSS 5.5
CVE-2023-23331 CRITICAL
Amano Xoffice 7.1.3879 - SQL Injection
CVSS 9.8
CVE-2023-22630 MEDIUM
IzyBat Orange casiers < 20221102_1 - SQL Injection via getCasier.php taille Parameter
CVSS 4.3
CVE-2023-23824 MEDIUM
WP-TopBar <= 5.36 - Authenticated SQL Injection
CVSS 6.7
CVE-2023-23492 HIGH
Login with Phone Number WordPress Plugin < 1.4.2 - Authenticated SQL Injection via ID Parameter
CVSS 8.8
CVE-2023-23490 HIGH
Survey Maker WordPress Plugin < 3.1.2 - Authenticated SQL Injection via surveys_ids Parameter
CVSS 8.8
CVE-2023-23489 CRITICAL
Easy Digital Downloads < 3.1.0.4 - Unauthenticated SQL Injection via 's' Parameter
CVSS 9.8
CVE-2023-23488 CRITICAL
Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection via Order REST Route Code Parameter
CVSS 9.8
CVE-2023-20010 HIGH
Cisco Unified Communications Manager < 12.5(1)su7 - Authenticated SQL Injection
CVSS 8.1
CVE-2023-22727 CRITICAL
CakePHP 4.2.0-4.2.11 - SQL Injection via Query::limit() and Query::offset()
CVSS 9.8
CVE-2023-0332 HIGH
SourceCodester Online Food Ordering System 2.0 - SQL Injection via admin/manage_user.php id Parameter
CVSS 7.3
CVE-2023-0324 HIGH
SourceCodester Online Tours & Travels Management System 1.0 - SQL I...
CVSS 7.3
CVE-2023-0305 MEDIUM
SourceCodester Online Food Ordering System - SQL Injection
CVSS 6.3
CVE-2023-0304 MEDIUM
SourceCodester Online Food Ordering System - SQL Injection
CVSS 6.3
CVE-2023-0303 MEDIUM
SourceCodester Online Food Ordering System - SQL Injection
CVSS 6.3
Details
Vulnerabilities 19,779
Exploit Likelihood High